package top.chukongxiang.project.base.oauth2;

import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * 资源服务器配置
 * @author 楚孔响
 * @version 1.0
 * @date 2021/12/14 17:14
 */
@Configuration
@EnableResourceServer
@DependsOn("authWebSecurityConfig")
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // 开启允许iframe 嵌套
//        http.headers().frameOptions().disable();
        http.cors().disable()
                .csrf().disable()
                .authorizeRequests()
                .antMatchers(
                        "/oauth/**").permitAll()
//                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}
